Latest Server related questions

My client have Azure Active Directory with synchronized their onPremise Active Directory. We want to provide him Remote Desktop Services behind Azure App Proxy from dedicated onPremise Active Directory in our infrastructure.

So client have domain named contoso.com. We want create onPremise AD named private.local

We want provide Authentication to RDS in onPremise domain private.local only with crede ...

I'm trying to set up a Docker container for our DevOps pipelines. I've... almost got it all.

Right now I've got a Windows-based container which:

1. has pre-installed SDKs, Java and the like
2. can manipulate (start, stop, build) docker containers
3. can access our network shares

The problem is that I can't get points 2) and 3) to be available simultaneously. To enable 3) I've had to prepare a group managed ser ...

I would like to run Wireguard vpn on my server to take advantage of another server's good routing. But of course I don't want Wireguard to take over my inbound traffic for ssh,hosted services etc.

Does anyone know how do I use Wireguard for outbound traffic only?

In the same way, we report IPs for AbuseIPDB IPs, is there a way to use their DB of IPs to Ban IPS using fail2ban?

I went through this tutorial

https://www.abuseipdb.com/fail2ban.html

And it works to report IPs. But I would like to improve this process by adding the AbuseIPDB IPs to my host so I can share IPs in both ways. Is that feasible?

Thanks

So I have a website configured with these bindings (fictional domains / ip addresses here):

http sub.domain.com   port 80    ip 1.2.3.4
http www.somedomain.com port 80  ip 2.2.3.3

Everything works fine, both domains work with the website, however if I add a new https binding to ONE of the domains:

https www.somedomain.com  port 443  ip 2.2.3.3

That messes up the sub.domain.com website. When I go to  ...

We have a multi-site active directory setup, with one of the sites only containing read only domain controllers.

Due to a new remote site coming online, new site links and link bridges were created as the new site was not fully routed. There was a misunderstanding about how the site-link bridges operated - as a result these site link changes replicated to the RODC only site. There is now a large  ...

I am setting up a new domain and I need to setup a Root CA and a Certificate Authority to hand out certificates to domain computers as well as to handle certificate actions and secure communications. I have installed it onto a Member Server for my Server 2019 domain separate from any of my Domain Controllers as I understand that is not a best practice. But when I go to pull new certificates on my Domain ...

In the last two months, we have got quite a few issues with the server time and date occasionally changing to some absolute random values. Sometimes it is a few days in the future or past, sometimes - even several months.

We have got the problem on several VMs, so it is not the problem with one VM unfortunately.

We run Windows Server 2019 (Version 1809 OS Build 17763.3406) on Amazon EC2. We synced  ...

I have a small test network composed of two LANs connected via a firewall, with Linux hosts(containers). This firewall is set up to block certain websites from being accesed from within the B LAN, and as such I want to check out ways of bypassing said firewall.

For this, I know that both A and B are SSH servers (which allow root login, tunneling etc. for testing purposes), and moreover that A has set up  ...

I have a Linux Strongswan IPSec site-to-site connection up and stable to an Azure Cloud Network, I'm trying to route an sql connection with a python script through the tunnel to an Azure database in the clients network but I keep getting timed out responses and I can't tell if the connection attempts are going through the tunnel. Part of my python script is trying to resolve the address to the IP but I ...

I am trying to build rtlamr and rtlamr-collect in Docker and then using a multi-stage build copy the outputs to reduce file sizes. I am trying to target a Raspberry Pi 1 B+ which is a low powered ARMv6 SBC.

dockerfile:

FROM golang:latest AS build
RUN CGO_ENABLED=0 GOOS=linux go install github.com/bemasher/rtlamr-collect@latest
RUN CGO_ENABLED=0 GOOS=linux go install github.com/bemasher/rtlamr@latest

 ...

How to check logs for non application 500s?

we have standard php and apache but not seeing anything in there defined tmp dirs

I have actually 2 issues one is routing logs for https://www.test.com

other is that the '/tmp/' or our dev on system currently is writing to a private system dir

e.g. /tmp/systemd-private-840c0bc8008041628bfc86e69a7bb944-httpd.service-z3oDEZ/tmp/

our old server wrote to '/tmp/' ...

Recently I noticed on two of our servers strange distribution of tasks. Both servers are dual cpu EPYC 7402 physically the same platforms, running the same tasks, differ in numa configuration, kernel and ubuntu.

Server 1 configuration and load:

Linux sv-marmoset222 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Architecture:                    x86_6 ...

I cancelled the export of a VM via ovftool when I realised the partition it was being dumped to wasn't going to be big enough. As a direct result of this, the VM cannot be powered on, with the surprising error

Failed - The attempted operation cannot be performed in the current state (Powered off).

Googling this error gives me nothing, the closest matches on the VMware KB refer to "Powered on", wh ...

Queston: Using the roles & profiles method, is it possible to use 'puppetlabs-apache', '8.3.0' with a hiera lookup?

Context:

• I am using mod 'puppetlabs-apache', '8.3.0' to configure an apache server. I have a large number of apache re-write rules for various sites.

• Each site is configured hiera, e.g hiera.yaml:

   paths:
      - site/%{::site}.yaml
      - role/%{::role}.yaml
  

• where a webapp.pp role inst ...

First of all, I'm really sorry if I am asking a super dump question. I've searched everything on the internet but couldn't find the right answer.

I'm building a K8S cluster on VirtualBox using Vagrant. All instances are successfully configured to the network (192.168.57.1 "my physical router, and the physical server has connected with it"). My laptop has connected to the same router but in a diff ...

Situation

One jumphost: j
Two target servers: s & d

What (if it's possible) would I have to do on j, s & d to be able to on s do:

scp -r foo d:/tmp/foo

both s & d are reachable from j via ssh, but j does not, itself, run an ssh server.

I want to separate SCP to be on a different TCP port than the regular port 22.

Using this port, a user should only be able to run SCP commands but not to do a regular SSH login. That user would not have access to regular SSH login on port 22, and vice versa.

Is that possible?

On an Exchange 2016 we would like to configure different security settings for approx. 250 Domains (Limit non delivery reports to these). A solution might be to configure a separate send connector for each of these domains.

• Is there a problem configuring this amount of send connectors - maybe performance problems?
• Is there a better way to achieve this than more send connectors?

Thanks for any advi ...

Further elaborating what the title says: basically I have an Ubuntu 20.05.5 bare metal server that I am renting from a third party provider.
Every time I run a generic software update that includes kernel modules, I also need to reboot the machine: after I give the command sudo reboot, of course I am kicked out of the server, but the problem is, after waiting several minutes for it to come back o ...

I need help extracting hosts informations from /etc/hosts file and exporting that content to a predefined file. I created a Ansible's Playbook to this task, but the content is not written on the output file. Do you guys, can help me, please?

Following Playbook:

- hosts: sigt-temp 
  become: yes
  become_user: root
  gather_facts: yes
  
  tasks:
  
    - name: Collecting Data
      shell:
        cmd:  ...

This is my first post/question here, so please bear with me.

I have an issue with my system where my existing raid5 array won't assemble. This occurred after I inadvertently wiped the partition table of the first disk in the array.

The system was set up a while ago with two raid arrays across 4 identical 4Tb disks - a 2Tb effective/4Tb disk space raid 1 array (md0), intended for home backups, and an ...

I have a number of systems that need configuration/updates, while being offline for long periods of time. They therefore need to contact a configuration system on boot, and in regular intervals and apply their updates in a pull fashion.

I have some experience with ansible-pull/mitogen for the purpose, but I was surprised that I could not find any pull-based mechanisms in similar management system ...

From time to time while running rsync command through wsl, it stacks, and I need to run it again. This only happens while I am connected to VPN. Not sure why this happens

RSYNC_COMMAND=avAXEWSlHhz

rsync -${RSYNC_COMMAND} --timeout=3 --chmod=ugo=rwX --delete --exclude-from="${EXCLUDE_FILES}" ${LOCAL_FOLDER} -e "ssh -i ${INDENTITY_KEY}" ${USERNAME}@${DEV_SERVER}:${REMOTE_FOLDER}

Output:

sending in ...

The VMs in our environments are using only internal networks , which consist of both Linux and Windows flavours. Our requirement is to take the monthly report which gives the data of the VM uptime in percentage.

Please suggest if already the solution exists.or suggest steps to get the uptime percentage of the VMs

I have an endpoint like https://app1.company.com:5555 and will like to be able to browse the website with the port number in the url for all pages and also be able to browse without the port number at let say the other server_name of https://dev-app1.company.com

so for example https://app1.company.com:5555/tag/general , https://dev-app1.company.com/categories/ulmighty should all work

how do I get  ...

Background / Environment:

Jenkins 2.3x on Ubuntu 20.04

I am trying to use a Jenkins Agent installed on the same system as Jenkins server. Ideally it will connect to just "localhost" when talking to the Jenkins controller.

Jenkins sits behind a reverse proxy which requires 2FA auth (using the official plugin).

If a reason for me using this local agent is needed, it's because having a standalone agen ...

My root partition is running out of space and I have no other SATA slots. I have a BTRFS raid0 and I would like to shrink one of the partitions I used for the BTRFS-raid0 and add it to the root partition (make it raid0). How can I do that?

The layout is as follows:

• /dev/sda
  • sda1 - 500M - EFI - /boot
  • sda2 - 10G - Root - /
  • sda3 - 455.3G - btrfs-raid0-disk0 - /data
• /dev/sdb - 465.8G - btrf ...

'm having problems uploading files through the Python requests library when I activate the parameters below in my NGINX proxy (where the connection goes)

proxy_buffering off;

proxy_request_buffering off;

Through curl I can successfully upload:

• It returns HTTP/200 on authentication, then HTTP/307 pro redirect through NGINX proxy and HTTP/201 to inform that the file was created successfully.

Throu ...

I have few knowledge for network, I need some basic advice.

On my business domain, users is facility manager or system installer. There are not many users and they can have some responsibility for security.

My devices are made by Raspberry Pi that use Web GUI to control. But it is only used when it installed, few hours, no heavy traffic.

I think VPN is enough to handle this with following network descr ...